Page 1 of 1

Form help!!

Posted: Fri Mar 18, 2005 8:40 pm
by Smackie
on this form im working on i get an error ill show you the script and where the error is suppose to be coming from and the error........

script

Code: Select all

<?
if ((isset($_GET['poet_poet_id']) == true) && (isset($_Get['poemname']) == true) && (isset($_GET['poem']) == true)) 
{ 

// Tell the user it has been submitted (optional) 
echo('Your comment has been posted.');

// Set Mysql Variables
$host = 'localhost'; 
$user = 'username';
$pass = 'password';
$db = 'db';

// Set global variables to easier names
$poetid = $_GET['poetid'];
$poemname = $_GET['poemname']; 
$poem = $_GET['poem'];

// Connect to Mysql, select the correct database, and run teh query which adds the data gathered from the form into the database
mysql_connect($host,$user,$pass) or die(mysql_error());
mysql_select_db($db) or die(mysql_error());
$add_all = "insert into poems (poet_id, poemname, poem) values (".$poetid.", '".$poemname.'", '".$poem."')

mysql_query($add_all) or die(mysql_error()); 
}
else
{
echo $add_all;
// If the form has not been submitted, display it!
?>
<form method='get' action='<? echo $PHP_SELF; ?>'>
Poem Name: <input type='text' name='poemname'><br><br>
Poem: <br>
<textarea name='poem' cols='50' rows='10'></textarea><br><br>
<input type='submit' value='Post your poem'>
</form>  
<?
}
?>
line where the error is suppose to be coming from
mysql_connect($host,$user,$pass) or die(mysql_error());
the error
Parse error: parse error, unexpected '\"' in /home/haunted/public_html/Poetry/poetry.php on line 22
thank you

Smackie


feyd | Please review how to post code using

Code: Select all

and

Code: Select all

tags. Read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url][/color]

Posted: Fri Mar 18, 2005 8:59 pm
by hongco

Code: Select all

$add_all = "INSERT into poems (poet_id, poemname, poem) values ('$poetid', '$poemname','$poem')";

Posted: Fri Mar 18, 2005 9:23 pm
by Smackie
alright think you now i got a new problem.......... it dont post in mysql.........

Posted: Fri Mar 18, 2005 9:35 pm
by hongco
was there error?

you also need to take care some security issues when taking inputs by user -
someone can use mysql injection

// Set global variables to easier names
$poetid = $_GET['poetid'];
$poemname = $_GET['poemname'];
$poem = $_GET['poem'];

Posted: Fri Mar 18, 2005 9:36 pm
by Smackie
there is now error it just goes back to the page with this in the url
http://www.hauntedgraveyard.net/Poetry/ ... em=testing